CVE-2024-50100
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50100
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50100.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-50100
- Downstream
- Related
- Published
- 2024-11-05T17:07:37.997Z
- Modified
- 2025-11-20T06:58:52.820722Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- USB: gadget: dummy-hcd: Fix "task hung" problem
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
USB: gadget: dummy-hcd: Fix "task hung" problem
The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out that the problems are caused by a subtle difference between the timerpending() and hrtimeractive() APIs.
The changeover blindly replaced the first by the second. However, timerpending() returns True when the timer is queued but not when its callback is running, whereas hrtimeractive() returns True when the hrtimer is queued or its callback is running. This difference occasionally caused dummyurbenqueue() to think that the callback routine had not yet started when in fact it was almost finished. As a result the hrtimer was not restarted, which made it impossible for the driver to dequeue later the URB that was just enqueued. This caused usbkillurb() to hang, and things got worse from there.
Since hrtimers have no API for telling when they are queued and the callback isn't running, the driver must keep track of this for itself. That's what this patch does, adding a new "timer_pending" flag and setting or clearing it at the appropriate times.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/5189df7b8088268012882c220d6aca4e64981348
- https://git.kernel.org/stable/c/7d85884576a3be3616c260fc1fa862a59579d1ab
- https://git.kernel.org/stable/c/cf7ee2291da551fc4b109fda1f6a332cb8212065
- https://git.kernel.org/stable/c/f828205ee3e4ddc712a13fba6c9902d51e91ddaf
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8ffba8d917f44a8acbfccbdec331204353ac8ac8Fixedcf7ee2291da551fc4b109fda1f6a332cb8212065
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4a4cb56556124027f4846ff30849c0ede981aa92Fixed7d85884576a3be3616c260fc1fa862a59579d1ab
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda7f3813e589fd8e2834720829a47b5eb914a9afeFixedf828205ee3e4ddc712a13fba6c9902d51e91ddaf
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda7f3813e589fd8e2834720829a47b5eb914a9afeFixed5189df7b8088268012882c220d6aca4e64981348
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.9
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "15490380849690292653332202973277923788",
"length": 447.0
},
"id": "CVE-2024-50100-101fac89",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d85884576a3be3616c260fc1fa862a59579d1ab",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_dequeue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "293690949906586801908223444620199933579",
"length": 1099.0
},
"id": "CVE-2024-50100-1c7275f3",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5189df7b8088268012882c220d6aca4e64981348",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_enqueue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "293690949906586801908223444620199933579",
"length": 1099.0
},
"id": "CVE-2024-50100-3179b824",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d85884576a3be3616c260fc1fa862a59579d1ab",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_enqueue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "250419060029127275803822575601304086669",
"length": 513.0
},
"id": "CVE-2024-50100-33c8c1d3",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf7ee2291da551fc4b109fda1f6a332cb8212065",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_bus_resume"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "250419060029127275803822575601304086669",
"length": 513.0
},
"id": "CVE-2024-50100-3934d3d3",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f828205ee3e4ddc712a13fba6c9902d51e91ddaf",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_bus_resume"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "79989987601768211677513085200279281433",
"length": 204.0
},
"id": "CVE-2024-50100-47754887",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf7ee2291da551fc4b109fda1f6a332cb8212065",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_stop"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "15490380849690292653332202973277923788",
"length": 447.0
},
"id": "CVE-2024-50100-56b44233",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf7ee2291da551fc4b109fda1f6a332cb8212065",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_dequeue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "79989987601768211677513085200279281433",
"length": 204.0
},
"id": "CVE-2024-50100-69c63d01",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d85884576a3be3616c260fc1fa862a59579d1ab",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_stop"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "293690949906586801908223444620199933579",
"length": 1099.0
},
"id": "CVE-2024-50100-746c34cb",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f828205ee3e4ddc712a13fba6c9902d51e91ddaf",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_enqueue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "93623055138763212233893826297898573696",
"length": 3759.0
},
"id": "CVE-2024-50100-8105f001",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f828205ee3e4ddc712a13fba6c9902d51e91ddaf",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_timer"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"52114428583836597880849945451104514665",
"166978855528186931271765483844393133270",
"243963415045668849509131431254861413512",
"232872904523642083550579636797889805803",
"75962401042275260095326850230094695845",
"176203154481513566431459410458778498538",
"128344943244935723732848173852488480842",
"115715404702101227445239651526185240928",
"267929726438919898841802868964184974860",
"195439075546323011430844212931375233194",
"48000755756922272853098704766295554462",
"105880920666435502650174209200299964848",
"74175189402332002286021354177129764641",
"318234268900077866206089735504809794187",
"305036904550802034446003969438901199163",
"109089922129665183297380601466873758350",
"149538004751185263527697386011781393055",
"205636015885064785333859714000573066753",
"3330572882031329351713112760632420883",
"250565213449675335691347115292713850074",
"209615872266865394650282129920748056764",
"205838517644350866285560889848035852854",
"70083868495193393292834841039551501983",
"228034834193402553488937747784138486483",
"276396841209228230689908459806920061517",
"167627292790741726932481405722007175658",
"302519130569928377186839957205439902210",
"35144399238738236335615917539739653730",
"185558289674661993974389746979505933871",
"183175165835705707795489859140889328111",
"135652621254161212179383740643370506264",
"187974258356279328289644922025796656569"
]
},
"id": "CVE-2024-50100-85ab3104",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf7ee2291da551fc4b109fda1f6a332cb8212065",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "250419060029127275803822575601304086669",
"length": 513.0
},
"id": "CVE-2024-50100-913e9149",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5189df7b8088268012882c220d6aca4e64981348",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_bus_resume"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "293690949906586801908223444620199933579",
"length": 1099.0
},
"id": "CVE-2024-50100-9ff6a58d",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf7ee2291da551fc4b109fda1f6a332cb8212065",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_enqueue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"52114428583836597880849945451104514665",
"166978855528186931271765483844393133270",
"243963415045668849509131431254861413512",
"232872904523642083550579636797889805803",
"75962401042275260095326850230094695845",
"176203154481513566431459410458778498538",
"128344943244935723732848173852488480842",
"115715404702101227445239651526185240928",
"267929726438919898841802868964184974860",
"195439075546323011430844212931375233194",
"48000755756922272853098704766295554462",
"105880920666435502650174209200299964848",
"74175189402332002286021354177129764641",
"318234268900077866206089735504809794187",
"305036904550802034446003969438901199163",
"109089922129665183297380601466873758350",
"149538004751185263527697386011781393055",
"205636015885064785333859714000573066753",
"3330572882031329351713112760632420883",
"250565213449675335691347115292713850074",
"209615872266865394650282129920748056764",
"205838517644350866285560889848035852854",
"70083868495193393292834841039551501983",
"228034834193402553488937747784138486483",
"276396841209228230689908459806920061517",
"167627292790741726932481405722007175658",
"302519130569928377186839957205439902210",
"35144399238738236335615917539739653730",
"185558289674661993974389746979505933871",
"183175165835705707795489859140889328111",
"135652621254161212179383740643370506264",
"187974258356279328289644922025796656569"
]
},
"id": "CVE-2024-50100-aa5074ba",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d85884576a3be3616c260fc1fa862a59579d1ab",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "15490380849690292653332202973277923788",
"length": 447.0
},
"id": "CVE-2024-50100-baf6511e",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f828205ee3e4ddc712a13fba6c9902d51e91ddaf",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_dequeue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "79989987601768211677513085200279281433",
"length": 204.0
},
"id": "CVE-2024-50100-c26cc635",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f828205ee3e4ddc712a13fba6c9902d51e91ddaf",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_stop"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "15490380849690292653332202973277923788",
"length": 447.0
},
"id": "CVE-2024-50100-c36c4fcc",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5189df7b8088268012882c220d6aca4e64981348",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_urb_dequeue"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "250419060029127275803822575601304086669",
"length": 513.0
},
"id": "CVE-2024-50100-c686251d",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d85884576a3be3616c260fc1fa862a59579d1ab",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_bus_resume"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"52114428583836597880849945451104514665",
"166978855528186931271765483844393133270",
"243963415045668849509131431254861413512",
"232872904523642083550579636797889805803",
"75962401042275260095326850230094695845",
"176203154481513566431459410458778498538",
"128344943244935723732848173852488480842",
"115715404702101227445239651526185240928",
"267929726438919898841802868964184974860",
"195439075546323011430844212931375233194",
"48000755756922272853098704766295554462",
"105880920666435502650174209200299964848",
"74175189402332002286021354177129764641",
"318234268900077866206089735504809794187",
"305036904550802034446003969438901199163",
"109089922129665183297380601466873758350",
"149538004751185263527697386011781393055",
"205636015885064785333859714000573066753",
"3330572882031329351713112760632420883",
"250565213449675335691347115292713850074",
"209615872266865394650282129920748056764",
"205838517644350866285560889848035852854",
"70083868495193393292834841039551501983",
"228034834193402553488937747784138486483",
"276396841209228230689908459806920061517",
"167627292790741726932481405722007175658",
"302519130569928377186839957205439902210",
"35144399238738236335615917539739653730",
"185558289674661993974389746979505933871",
"183175165835705707795489859140889328111",
"135652621254161212179383740643370506264",
"187974258356279328289644922025796656569"
]
},
"id": "CVE-2024-50100-de344c62",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f828205ee3e4ddc712a13fba6c9902d51e91ddaf",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "93623055138763212233893826297898573696",
"length": 3759.0
},
"id": "CVE-2024-50100-e961549a",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5189df7b8088268012882c220d6aca4e64981348",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_timer"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "93623055138763212233893826297898573696",
"length": 3759.0
},
"id": "CVE-2024-50100-edad89fa",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf7ee2291da551fc4b109fda1f6a332cb8212065",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_timer"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "79989987601768211677513085200279281433",
"length": 204.0
},
"id": "CVE-2024-50100-ee47e43b",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5189df7b8088268012882c220d6aca4e64981348",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_stop"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"52114428583836597880849945451104514665",
"166978855528186931271765483844393133270",
"243963415045668849509131431254861413512",
"232872904523642083550579636797889805803",
"75962401042275260095326850230094695845",
"176203154481513566431459410458778498538",
"128344943244935723732848173852488480842",
"115715404702101227445239651526185240928",
"267929726438919898841802868964184974860",
"195439075546323011430844212931375233194",
"48000755756922272853098704766295554462",
"105880920666435502650174209200299964848",
"74175189402332002286021354177129764641",
"318234268900077866206089735504809794187",
"305036904550802034446003969438901199163",
"109089922129665183297380601466873758350",
"149538004751185263527697386011781393055",
"205636015885064785333859714000573066753",
"3330572882031329351713112760632420883",
"250565213449675335691347115292713850074",
"209615872266865394650282129920748056764",
"205838517644350866285560889848035852854",
"70083868495193393292834841039551501983",
"228034834193402553488937747784138486483",
"276396841209228230689908459806920061517",
"167627292790741726932481405722007175658",
"302519130569928377186839957205439902210",
"35144399238738236335615917539739653730",
"185558289674661993974389746979505933871",
"183175165835705707795489859140889328111",
"135652621254161212179383740643370506264",
"187974258356279328289644922025796656569"
]
},
"id": "CVE-2024-50100-ef6b3ab0",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5189df7b8088268012882c220d6aca4e64981348",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "93623055138763212233893826297898573696",
"length": 3759.0
},
"id": "CVE-2024-50100-f5711fa4",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d85884576a3be3616c260fc1fa862a59579d1ab",
"target": {
"file": "drivers/usb/gadget/udc/dummy_hcd.c",
"function": "dummy_timer"
}
}
]